The Jessie Library

This manual is for Jessie, version 1.0.0.

Copyright (C) 2003, 2004 Casey Marshall.

Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.

A copy of the license is included in the section entitled "The GNU Free Documentation License".

1. Introduction		What this manual is about.
2. The SSL Context Class		The base class for SSL sockets.
3. Persistent Sessions		How to save sessions across invocations.
4. Properties		Security properties used by Jessie.
Copying Jessie		The license this software is distributed under.
GNU General Public License		Terms and conditions for copying Jessie.
GNU Free Documentation License		Terms and conditions for copying this manual.

1. Introduction

This is the manual for Jessie, a free library implementing the Java Secure Sockets Extension, the JSSE.

The JSSE is an extension of the Java class libraries, and as of Java 1.4, a core piece of the class libraries, that extends the networking capabilities of the Java platform to add support for the secure socket layer, SSL. Jessie contains a clean-room JSSE API, and a provider that implements SSL version 3 and TLS version 1.

Jessie is meant to be run on Java platforms that use GNU Classpath as their class libraries, http://www.gnu.org/software/classpath/, including GCJ http://gcc.gnu.org/ and Kaffe http://www.kaffe.org/. Jessie also uses the GNU Crypto package for its cryptography algorithms, available from http://www.gnu.org/software/gnu-crypto/.

This document describes parts of the JSSE API and how it relates to Jessie. A full description of the JSSE API is not included here; the best place for this is the JavaDoc generated documentation available from the Jessie web site http://metastatic.org/source/jessie/, or from a good reference book.

2. The SSL Context Class

The base class that should be used for all SSL communications is the javax.net.ssl.SSLContext class, which is an example of an engine class, wherein instances for a particular algorithm are created through factory methods. SSLContext defines three static factory methods:

Function: SSLContext getInstance (java.lang.String name) throws java.security.NoSuchAlgorithmException

Function: SSLContext getInstance (java.lang.String name, java.lang.String provider) throws java.security.NoSuchAlgorithmException, java.security.NoSuchProviderException

Function: SSLContext getInstance (java.lang.String name, java.security.Provider provider) throws java.security.NoSuchAlgorithmException

java.security.Security.addProvider(new org.metastatic.jessie.Jessie());

Or, statically by putting the following entry in your security properties file (usually located at ${JAVA_HOME}/jre/lib/security/java.security):

security.provider.n=org.metastatic.jessie.Jessie

2.1 Initializing SSLContext		How to set up an SSL context.
2.2 Trust Managers		How to set up trust.
2.3 Key Managers		How to set up private credentials.

2.1 Initializing SSLContext

Once an SSLContext class is created, it must be initialized with the following method:

Function: void init (javax.net.ssl.KeyManager[] keyManagers, javax.net.ssl.TrustManager[] trustManagers, java.security.SecureRandom random) throws java.security.KeyManagementException

The default key and trust managers will be initialized according to their own default rules, or, if that fails, the key manager will be empty and the trust manager will contain a small set of widely-recognized CA certificates.

The default secure random number generator will be an instance of the algorithm named in the property jessie.secure.random, or, if that is not specified, the "SHA1PRNG" algorithm. There is also a mechanism for specifying the default seeding method (see section 4. Properties).

2.2 Trust Managers

Trust managers in the JSSE are meant to establish the trust of a remote host, usually by confirming that the certificate sent during the handshake is traceable, within reasonable parameters, to a root certificate belonging to a certificate authority. Jessie supports this default method of trust, as well as other trust models that fit different applications better.

Trust managers are created via the javax.net.ssl.TrustManagerFactory class, which is another factory class. Jessie currently supports two algorithms for creating trust managers: "JessieX509" and "SRP". These algorithms are described in the next sections. Trust manager factories must be initialized with one of the following methods:

Function: void init (java.security.KeyStore store) throws java.security.KeyStoreException

This method populates the to-be-created trust manager with all the certificates contained in the specified, pre-initialized key store. If the argument is null, a default will be used, according to the property jessie.trustmanager, which is more fully described in the properties section (see section 4. Properties).

Function: void init (javax.net.ssl.ManagerFactoryParameters params) throws java.security.InvalidAlgorithmParameterException

This method populates the to-be-created trust manager with certificates contained in the specified parameter object. The semantics of what types of parameters are accepted is algorithm-dependent.

2.2.1 X.509 Certificates		Trust using the X.509 model.
2.2.2 Secure Remote Password		Password-based authentication of clients.

2.2.1 X.509 Certificates

The "JessieX509" algorithm should be used for client sockets that need to verify the authenticity of servers it connects to, and, optionally, for servers that require clients to possess an X.509 certificate.

JessieX509 trust manager factories may be initialized with a key store, and also with the org.metastatic.jessie.StaticTrustAnchors class, which can be created by passing an array of java.security.cert.X509Certificate objects. For convenience, the StaticTrustAnchors class contains a useful constant:

Variable: org.metastatic.jessie.StaticTrustAnchors CA_CERTS

A description of the X.509 certificate infrastructure is beyond the scope of this document; the Internet Engineering Task Force's PKIX charter is the best starting point for documentation of this standard http://www.ietf.org/html.charters/pkix-charter.html.

2.2.2 Secure Remote Password

Secure remote password (SRP) trust managers, created with the "SRP" factory, are primarily of interest to servers that want to authenticate connecting clients via usernames and passwords.

SRP factories cannot be initialized with a key store; instead, they must be initialized with the org.metastatic.jessie.SRPManagerParameters class, which takes as its argument an instance of the gnu.crypto.sasl.srp.PasswordFile class, which is described in the GNU Crypto API documentation http://www.gnu.org/software/gnu-crypto/api/index.html.

Also note that cipher suites that use SRP authentication are not enabled by default; you must specifically enable them when setting up the server socket (and for client sockets, even though SRP trust managers are not required for client sockets).

2.3 Key Managers

Key managers in the JSSE are the mechanism for managing the public and private key pairs used to authenticate SSL servers (and, less often, SSL clients) to the connecting party. Jessie supports key managers for the X.509 public key infrastructure.

Key managers are created with the factory class javax.net.ssl.KeyManagerFactory. Jessie provides the key manager factory algorithm "JessieX509".

There are two ways to initialize a JessieX509 key manager factory: the default, via a java.security.KeyStore, or by the org.metastatic.jessie.PrivateCredentials class.

2.3.1 From Key Stores		Initializing the JSSE way.
2.3.2 From Files		Initializing with PEM-formatted files.

2.3.1 From Key Stores

Function: void init (java.security.KeyStore store, char[] password) throws java.security.KeyStoreException, java.security.NoSuchAlgorithmException, java.security.UnrecoverableKeyException

Jessie accepts pre-initialized java.security.KeyStore objects and will use the first key and certificate chain pair it finds suitable for X.509 authentication, and whose private key may be unlocked with the given password.

An exception is thrown if the key store does not contain any appropriate key/certificate pairs, or if the password could not unlock an appropriate key.

You can also specify null as the store argument, in which case the default key store will be loaded and used. The path to the default keystore is controlled via system property javax.net.ssl.keyStore. See section 4. Properties.

2.3.2 From Files

The alternative to key stores is to load private keys and certificates from separate files, via the class org.metastatic.jessie.PrivateCredentials. This class has a zero-argument constructor, and you add credentials with this method:

Function: void add (java.io.InputStream cert_chain, java.io.InputStream private_key) throws java.io.IOException, java.security.CertificateException, java.security.InvalidKeyException, java.security.spec.InvalidKeySpecException, java.security.NoSuchAlgorithmException, gnu.crypto.pad.WrongPaddingException

Adds a certificate chain and a private key to this credentials object. The input data streams must be PEM formatted, the first being a sequence of X.509 certificates and the second being an encrypted private key. The password for decrypting the key (if any) is read by a callback handler, which can be customized via the jessie.password.handler property See section 4. Properties.

An exception is thrown if the certificates or the private key are badly formatted, or if the password read is incorrect.

Once a PrivateCredentials object is created and initialized, it can be passed to the init method of a KeyManager with algorithm "JessieX509".

Additionally, the PrivateCredentials class contains the following methods:

Function: java.util.List getCertChains ()

This returns the list of certificate chains contained in this object. Each element of the returned list is an array of java.security.cert.X509Certificate objects, the first element of which is the target certificate of the chain.

Each certificate chain has a corresponding private key at the same index in the list returned by the getPrivateKeys method.

Function: java.util.List getPrivateKeys ()

This returns the list of private keys contained in this object. Each private key has a corresponding certificate chain at the same index in the list returned by the getCertChains method.

Function: void destroy ()

Clears this object of all sensitive data.

Function: boolean isDestroyed ()

Returns true if the destroy method has been called.

3. Persistent Sessions

Jessie supports persistent sessions, which is a way to store SSL sessions across invocations of the JVM, either on the filesystem or in an SQL database. By default Jessie will not store sessions in any permanent fasion, and will only keep sessions in memory.

To enable persistent storage of sessions, you must specify a "codec" to use. This is done with the jessie.clientSessionContext.codec security property for client-side sockets, and with the jessie.serverSessionContext.codec security property for server-side sockets. Allowed values for these two properties are:

jdbc

This value specifies that sessions should be stored in a relational database, accessed through the JDBC API. See section 3.1 JDBC Session Contexts.

null

This value (and any other value not defined here) is the normal operation of session contexts in Jessie; namely, sessions are kept only in memory, and are lost when the virtual machine exits.

xml

This value specifies that sessions should be stored in an XML-encoded file on the filesystem. See section 3.2 XML Session Contexts.

3.1 JDBC Session Contexts		Storing sessions in a database.
3.2 XML Session Contexts		Storing sessions on the filesystem.

3.1 JDBC Session Contexts

Defining either security property jessie.clientSessionContext.codec or jessie.serverSessionContext.codec to "jdbc" will use an SQL database to store sessions for client and server sockets, respectively. Three other security properties can be defined:

jessie.SessionContext.jdbc.url jessie.SessionContext.jdbc.user jessie.SessionContext.jdbc.password

To specify the URL, user, and password to use when accessing the database, respectively. The URL is a valid JDBC url, such as:

jdbc:mysql://hostname/database

The sessions are kept in a table called "SESSIONS", which must exist beforehand. The form of this table must be similar to this:

TABLE SESSIONS = ( ID VARBINARY(32) PRIMARY KEY UNIQUE NOT NULL, LAST_ACCESSED TIMESTAMP NOT NULL, PROTOCOL VARCHAR(7) NOT NULL, SUITE VARCHAR(255) NOT NULL, PEER_HOST TEXT NOT NULL, PEER_CERT_TYPE VARCHAR(32), PEER_CERTS BLOB, CERT_TYPE VARCHAR(32), CERTS BLOB, SECRET VARBINARY(48) NOT NULL )

Your database's native types can be substituted for the types above, as long as they are reasonably compatible (MySQL users would use VARHCAR BINARY instead of VARBINARY, and PostgreSQL users would use BYTEA in place of BLOB and VARBINARY).

The master secret of the SSL session is not encrypted before being stored in the database, so it is advised that the database be protected with a username and password.

Note that the form of SQL tables used by Jessie is experimental, and is subject to change.

3.2 XML Session Contexts

When the session context codec is set to "xml", sessions are saved on the filesystem in a simple XML-encoded file. The following security properties are also used in this case:

jessie.SessionContext.file jessie.SessionContext.password jessie.SessionContext.compress

Only the first property is required, which must be set to the path of a writable file. The password property is used to ensure the protection and authenticity of the master secret, and the compress property is a boolean property that, when true, will filter the output through the GZIP compression algorithm before writing it.

This codec is highly inefficient with large sets of sessions, as any change to the state of the session context will trigger a re-encoding of all sessions. Thus, this method is best used by programs that do not need to store large or unbounded sets of sessions.

4. Properties

Jessie makes use of a number of security properties, which can be defined at run-time with the command:

java.security.Security.setProperty("name", "value");

Or statically through an entry in your security properties file. You must also ensure that your local security policy allows the Jessie classes to read these properties.

jessie.certificate.handler

This property should be the name of a class that implements the org.metastatic.jessie.CertificateHandler interface, which interacts with clients to confirm whether or not to accept connections with unverified certificates. If this property is not specified, the class org.metastatic.jessie.ConsoleCertificateHandler will be used.

jessie.clientSessionContext.codec

This is the "codec" that will be used for persistent storage of SSL sessions created by client sockets. Accepted values are "jdbc", "xml", or "null". The default is "null". See also the jessie.SessionContext.* properties that must be set depending on the codec used.

jessie.compression.level

The compression level used when the "ZLIB" compression method is used. This value may be any integer from 0 to 9.

jessie.csprng.blocking

A boolean property that will indicate whether or not the system random number generator should wait until a sufficient amount of random data has been input into the pool. The default is not to wait.

If you set this property to true, you must also define enough files, programs, URLs, or other sources whose quality estimates will add up to 100.

jessie.csprng.file.n

These properties, with n being integers starting from 1, define a list of files to read periodically to reseed the internal random number generator's randomness pool. The format of this property is four values, separated by semicolons:

quality;offset;length;path

quality is a floating-point number from 0 to 100, that estimates the quality of this source (as a whole -- the entire length read) as a percentage. 100 indicates perfect-quality.

offset is an integer indicating the number of bytes to skip from the beginning of the file.

length is the number of bytes to read, starting at offset. If fewer that length bytes are available, the quality of the bytes read will be scaled accordingly.

path is the full path to the file that should be read. For example, this could be `/dev/random' to poll a Unix system's random device.

jessie.csprng.other.n

These properties, with n being integers starting from 1, define a list of names of classes that implement the org.metastatic.jessie.EntropySource interface an have a zero-argument constructor. Instances of each class listed will be polled periodically for random bytes.

jessie.csprng.program.n

These properties, which are formatted the same as jessie.csprng.file.n, define a list of programs to run, the output of which is input into the random pool. The values for these properties are the same as jessie.csprng.file.n --- four values separated by semicolons -- but the fourth value is the name of a program to run, such as `last -n 50'. The other values are interpreted in a similar fashion as file sources.

jessie.csprng.url.n

These properties, which are formatted the same as jessie.csprng.file.n, define a list of URLs to access, the output of which is input into the random pool. The values for these properties are the same as jessie.csprng.file.n --- four values separated by semicolons -- but the fourth value is a fully-qualified URL to download, such as `http://www.fourmilab.ch/cgi-bin/uncgi/Hotbits?nbytes=128&fmt=bin'. The other values are interpreted in a similar fashion as file sources.

jessie.emit.empty.records

This is a boolean property that, if set to true, a zero-length record will be sent before every application data record. This technique helps to defeat certain weaknesses in the CBC mode used by SSL. The default value for this property is true, and you should only set this to false if you are interoperating with a system that does not accept zero-length records.

jessie.key.dh.group

The modular exponentian Diffie-Hellman group to use when generating ephemeral Diffie-Hellman keys. This value can be any of the integers 1, 2, 5, 14, 15, 16, 17, or 18; these values are described in RFC 2409 (http://www.ietf.org/rfc/rfc2409.txt) and RFC 3526 (http://www.ietf.org/rfc/rfc3526.txt). Larger group IDs denote larger primes, from 768 bits (group 1) to 8192 bits (group 18). Larger primes are more secure, but come at a cost of processing and transmission time; thus, applications that need more speed than security can use smaller groups, instead of the default, group 18.

jessie.password.handler

This property should be the name of a class that implements the javax.security.auth.callback.CallbackHandler interface and is able to handle javax.security.auth.callback.PasswordCallback arguments. This class is used to obtain passwords to decrypt private credentials, and if not specified the default, org.metastatic.jessie.ConsolePasswordHandler, will be used.

jessie.secure.random

The name of the default secure random algorithm to use. If unspecified, the "CSPRNG" algorithm will be used. Note that this algorithm is not used for critical secure random numbers, but rather the library's own secure PRNG.

jessie.serverSessionContext.codec

This is the "codec" that will be used for persistent storage of SSL sessions created by server sockets. Accepted values are "jdbc", "xml", or "null". The default is "null".

jessie.SessionContext.jdbc.password

This is the password for accessing the database that is to hold persistent sessions created by server sockets. This property is optional, but it is obviously recommended that the database be protected with a password.

jessie.SessionContext.jdbc.url

The JDBC URL that points to the database where sessions created by server sockets should be stored. This property is required if the session codec is "jdbc".

jessie.SessionContext.jdbc.user

The user name to use when accessing the database that is to hold persistent sessions created by server sockets. This property is optional, but it is not recommended that the database be anonymous.

jessie.SessionContext.xml.compress

If this property is set to "true", then the XML-encoded sessions will be compressed with the GZIP compression algorithm. The default is "false".

jessie.SessionContext.xml.file

The file where the XML-encoded sessions will be stored. This property is required if the codec is "xml".

jessie.SessionContext.xml.password

The password that is used to protect the master secret of sessions stored with the "xml" codec. If not specified, an empty password will be used.

jessie.session.timeout

The time, in seconds, that SSL sessions will be kept before they become invalid. The default timeout is 24 hours.

jessie.with.jce

If set to "true", then Jessie will use ciphers and MACs using the Java Cryptography Extension (JCE) API. By default, Jessie uses the GNU Crypto package. Setting this property can result in an error if your JCE providers are not configured properly.

jessie.with.jce.provider

Set this variable to the name of the installed java.security.Provider class that should be preferred when getting ciphers and MACs from the JCE.

jessie.x500.class

The full name of a class that should be used to hold an X.500 directory name. The class must (a) implement the interface java.security.Principal, and (b) have a public constructor that takes a byte array of the DER encoded X.500 name as the only argument. If not specified, the class javax.security.auth.x500.X500Principal is used.

ssl.keyManagerFactory.algorithm

This is the name of the key manager algorithm, which must be implemented by an installed security provider. The default value is "JessieX509".

ssl.ServerSocketFactory.provider

This is the class name of an implementation of javax.net.ssl.SSLServerSocketFactory that is returned by the getDefault() method of that class. If not defined, factories will be created from a private instance of the javax.net.ssl.SSLContext class.

ssl.SocketFactory.provider

This is the class name of an implementation of javax.net.ssl.SSLSocketFactory that is returned by the getDefault() method of that class. If not defined, factories will be created from a private instance of the javax.net.ssl.SSLContext class.

ssl.trustManagerFactory.algorithm

This is the name of the trust manager algorithm, which must be implemented by an installed security provider. The default value is "JessieX509".

Additionally, Jessie uses the following properties from the java.lang.System class, for compatibility with other implementations of the JSSE:

javax.net.ssl.keyStore

The location of the file containing certificates and private keys. This file is loaded if no key store is specified to the init method of the "JessieX509" KeyManagerFactory class. There is no default.

javax.net.ssl.keyStorePassword

The password for the key store specified in the javax.net.ssl.keyStore property.

javax.net.ssl.keyStoreType

The alorithm name of the key store specified in the javax.net.ssl.keyStore property. The default is system-dependent.

javax.net.ssl.trustStore

The location of the file containing certificates from trusted authorities, which are used to establish the trust of remote hosts. If not specified, the files ${JAVA_HOME}/jre/lib/security/jssecerts and ${JAVA_HOME}/jre/lib/security/cacerts are tried, in order. This file is loaded if no key store is specified to the init method of the "JessieX509" TrustManagerFactory class.

javax.net.ssl.trustStorePassword

The password for the key store specified in the javax.net.ssl.trustStore property.

javax.net.ssl.trustStoreType

The algorithm name of the key store specified in the javax.net.ssl.trustStore property. The default is system-dependent.

The following TLS ciphersuites are available in Jessie. Most (all except the SRP cipher suites) are enabled by default.

Cipher suite names have the following naming convention:

TLS_key exchange_signature_WITH_cipher_mac

Ciphersuites that are not recommended for current use:

TLS_NULL_WITH_NULL_NULL TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

Common ciphersuites:

TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DH_DSS_WITH_DES_CBC_SHA TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA TLS_DH_RSA_WITH_DES_CBC_SHA TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

AES ciphersuites (defined in RFC 3268):

TLS_RSA_WITH_AES_128_CBC_SHA TLS_DH_DSS_WITH_AES_128_CBC_SHA TLS_DH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DH_DSS_WITH_AES_256_CBC_SHA TLS_DH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA

Secure remote password ciphersuites:

TLS_SRP_SHA_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA TLS_SRP_SHA_WITH_AES_128_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_128_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_128_CBC_SHA TLS_SRP_SHA_WITH_AES_256_CBC_SHA TLS_SRP_SHA_RSA_WITH_AES_256_CBC_SHA TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA

RipeMD-160 and CAST-5 ciphersuites:

TLS_DHE_DSS_WITH_CAST_128_CBC_SHA TLS_DHE_DSS_WITH_CAST_128_CBC_RMD TLS_DHE_DSS_WITH_3DES_EDE_CBC_RMD TLS_DHE_DSS_WITH_AES_128_CBC_RMD TLS_DHE_DSS_WITH_AES_256_CBC_RMD TLS_DHE_RSA_WITH_CAST_128_CBC_SHA TLS_DHE_RSA_WITH_CAST_128_CBC_RMD TLS_DHE_RSA_WITH_3DES_EDE_CBC_RMD TLS_DHE_RSA_WITH_AES_128_CBC_RMD TLS_DHE_RSA_WITH_AES_256_CBC_RMD TLS_RSA_WITH_CAST_128_CBC_SHA TLS_RSA_WITH_CAST_128_CBC_RMD TLS_RSA_WITH_3DES_EDE_CBC_RMD TLS_RSA_WITH_AES_128_CBC_RMD TLS_RSA_WITH_AES_256_CBC_RMD

Copying Jessie

Jessie is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

Jessie is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with Jessie, see the section "The GNU General Public License"; if not, write to the

Free Software Foundation Inc. 59 Temple Place---Suite 330 Boston, MA 02111--1307 USA

GNU General Public License

Copyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it. (Some other Free Software Foundation software is covered by the GNU Library General Public License instead.) You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs; and that you know you can do these things.

To protect your rights, we need to make restrictions that forbid anyone to deny you these rights or to ask you to surrender the rights. These restrictions translate to certain responsibilities for you if you distribute copies of the software, or if you modify it.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must give the recipients all the rights that you have. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

We protect your rights with two steps: (1) copyright the software, and (2) offer you this license which gives you legal permission to copy, distribute and/or modify the software.

Also, for each author's protection and ours, we want to make certain that everyone understands that there is no warranty for this free software. If the software is modified by someone else and passed on, we want its recipients to know that what they have is not the original, so that any problems introduced by others will not reflect on the original authors' reputations.

Finally, any free program is threatened constantly by software patents. We wish to avoid the danger that redistributors of a free program will individually obtain patent licenses, in effect making the program proprietary. To prevent this, we have made it clear that any patent must be licensed for everyone's free use or not licensed at all.

The precise terms and conditions for copying, distribution and modification follow.

1. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

   Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

2. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

   You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

3. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:
   1. You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change.

   2. You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

   3. If the modified program normally reads commands interactively when run, you must cause it, when started running for such interactive use in the most ordinary way, to print or display an announcement including an appropriate copyright notice and a notice that there is no warranty (or else, saying that you provide a warranty) and that users may redistribute the program under these conditions, and telling the user how to view a copy of this License. (Exception: if the Program itself is interactive but does not normally print such an announcement, your work based on the Program is not required to print an announcement.)

   These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

   Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

   In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

4. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:
   1. Accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

   2. Accompany it with a written offer, valid for at least three years, to give any third party, for a charge no more than your cost of physically performing source distribution, a complete machine-readable copy of the corresponding source code, to be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange; or,

   3. Accompany it with the information you received as to the offer to distribute corresponding source code. (This alternative is allowed only for noncommercial distribution and only if you received the program in object code or executable form with such an offer, in accord with Subsection b above.)

   The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

   If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

5. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

6. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

7. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

8. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

   If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

   It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

   This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

9. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

10. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

    Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

11. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.
    NO WARRANTY

12. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

13. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Appendix: How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

one line to give the program's name and a brief idea of what it does. Copyright (C) yyyy name of author This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc. 59 Temple Place - Suite 330 Boston, MA 02111-1307 USA

Also add information on how to contact you by electronic and paper mail.

If the program is interactive, make it output a short notice like this when it starts in an interactive mode:

Gnomovision version 69, Copyright (C) 19yy name of author Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, the commands you use may be called something other than `show w' and `show c'; they could even be mouse-clicks or menu items--whatever suits your program.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the program, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the program `Gnomovision' (which makes passes at compilers) written by James Hacker. signature of Ty Coon, 1 April 1989 Ty Coon, President of Vice

This General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Library General Public License instead of this License.

GNU Free Documentation License

Copyright (C) 2000 Free Software Foundation, Inc. 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

1. PREAMBLE

   The purpose of this License is to make a manual, textbook, or other written document free in the sense of freedom: to assure everyone the effective freedom to copy and redistribute it, with or without modifying it, either commercially or noncommercially. Secondarily, this License preserves for the author and publisher a way to get credit for their work, while not being considered responsible for modifications made by others.

   This License is a kind of "copyleft", which means that derivative works of the document must themselves be free in the same sense. It complements the GNU General Public License, which is a copyleft license designed for free software.

   We have designed this License in order to use it for manuals for free software, because free software needs free documentation: a free program should come with manuals providing the same freedoms that the software does. But this License is not limited to software manuals; it can be used for any textual work, regardless of subject matter or whether it is published as a printed book. We recommend this License principally for works whose purpose is instruction or reference.

2. APPLICABILITY AND DEFINITIONS

   This License applies to any manual or other work that contains a notice placed by the copyright holder saying it can be distributed under the terms of this License. The "Document", below, refers to any such manual or work. Any member of the public is a licensee, and is addressed as "you".

   A "Modified Version" of the Document means any work containing the Document or a portion of it, either copied verbatim, or with modifications and/or translated into another language.

   A "Secondary Section" is a named appendix or a front-matter section of the Document that deals exclusively with the relationship of the publishers or authors of the Document to the Document's overall subject (or to related matters) and contains nothing that could fall directly within that overall subject. (For example, if the Document is in part a textbook of mathematics, a Secondary Section may not explain any mathematics.) The relationship could be a matter of historical connection with the subject or with related matters, or of legal, commercial, philosophical, ethical or political position regarding them.

   The "Invariant Sections" are certain Secondary Sections whose titles are designated, as being those of Invariant Sections, in the notice that says that the Document is released under this License.

   The "Cover Texts" are certain short passages of text that are listed, as Front-Cover Texts or Back-Cover Texts, in the notice that says that the Document is released under this License.

   A "Transparent" copy of the Document means a machine-readable copy, represented in a format whose specification is available to the general public, whose contents can be viewed and edited directly and straightforwardly with generic text editors or (for images composed of pixels) generic paint programs or (for drawings) some widely available drawing editor, and that is suitable for input to text formatters or for automatic translation to a variety of formats suitable for input to text formatters. A copy made in an otherwise Transparent file format whose markup has been designed to thwart or discourage subsequent modification by readers is not Transparent. A copy that is not "Transparent" is called "Opaque".

   Examples of suitable formats for Transparent copies include plain ASCII without markup, Texinfo input format, LaTeX input format, SGML or XML using a publicly available DTD, and standard-conforming simple HTML designed for human modification. Opaque formats include PostScript, PDF, proprietary formats that can be read and edited only by proprietary word processors, SGML or XML for which the DTD and/or processing tools are not generally available, and the machine-generated HTML produced by some word processors for output purposes only.

   The "Title Page" means, for a printed book, the title page itself, plus such following pages as are needed to hold, legibly, the material this License requires to appear in the title page. For works in formats which do not have any title page as such, "Title Page" means the text near the most prominent appearance of the work's title, preceding the beginning of the body of the text.

3. VERBATIM COPYING

   You may copy and distribute the Document in any medium, either commercially or noncommercially, provided that this License, the copyright notices, and the license notice saying this License applies to the Document are reproduced in all copies, and that you add no other conditions whatsoever to those of this License. You may not use technical measures to obstruct or control the reading or further copying of the copies you make or distribute. However, you may accept compensation in exchange for copies. If you distribute a large enough number of copies you must also follow the conditions in section 3.

   You may also lend copies, under the same conditions stated above, and you may publicly display copies.

4. COPYING IN QUANTITY

   If you publish printed copies of the Document numbering more than 100, and the Document's license notice requires Cover Texts, you must enclose the copies in covers that carry, clearly and legibly, all these Cover Texts: Front-Cover Texts on the front cover, and Back-Cover Texts on the back cover. Both covers must also clearly and legibly identify you as the publisher of these copies. The front cover must present the full title with all words of the title equally prominent and visible. You may add other material on the covers in addition. Copying with changes limited to the covers, as long as they preserve the title of the Document and satisfy these conditions, can be treated as verbatim copying in other respects.

   If the required texts for either cover are too voluminous to fit legibly, you should put the first ones listed (as many as fit reasonably) on the actual cover, and continue the rest onto adjacent pages.

   If you publish or distribute Opaque copies of the Document numbering more than 100, you must either include a machine-readable Transparent copy along with each Opaque copy, or state in or with each Opaque copy a publicly-accessible computer-network location containing a complete Transparent copy of the Document, free of added material, which the general network-using public has access to download anonymously at no charge using public-standard network protocols. If you use the latter option, you must take reasonably prudent steps, when you begin distribution of Opaque copies in quantity, to ensure that this Transparent copy will remain thus accessible at the stated location until at least one year after the last time you distribute an Opaque copy (directly or through your agents or retailers) of that edition to the public.

   It is requested, but not required, that you contact the authors of the Document well before redistributing any large number of copies, to give them a chance to provide you with an updated version of the Document.

5. MODIFICATIONS

   You may copy and distribute a Modified Version of the Document under the conditions of sections 2 and 3 above, provided that you release the Modified Version under precisely this License, with the Modified Version filling the role of the Document, thus licensing distribution and modification of the Modified Version to whoever possesses a copy of it. In addition, you must do these things in the Modified Version:

   1. Use in the Title Page (and on the covers, if any) a title distinct from that of the Document, and from those of previous versions (which should, if there were any, be listed in the History section of the Document). You may use the same title as a previous version if the original publisher of that version gives permission.

   2. List on the Title Page, as authors, one or more persons or entities responsible for authorship of the modifications in the Modified Version, together with at least five of the principal authors of the Document (all of its principal authors, if it has less than five).

   3. State on the Title page the name of the publisher of the Modified Version, as the publisher.

   4. Preserve all the copyright notices of the Document.

   5. Add an appropriate copyright notice for your modifications adjacent to the other copyright notices.

   6. Include, immediately after the copyright notices, a license notice giving the public permission to use the Modified Version under the terms of this License, in the form shown in the Addendum below.

   7. Preserve in that license notice the full lists of Invariant Sections and required Cover Texts given in the Document's license notice.

   8. Include an unaltered copy of this License.

   9. Preserve the section entitled "History", and its title, and add to it an item stating at least the title, year, new authors, and publisher of the Modified Version as given on the Title Page. If there is no section entitled "History" in the Document, create one stating the title, year, authors, and publisher of the Document as given on its Title Page, then add an item describing the Modified Version as stated in the previous sentence.

   10. Preserve the network location, if any, given in the Document for public access to a Transparent copy of the Document, and likewise the network locations given in the Document for previous versions it was based on. These may be placed in the "History" section. You may omit a network location for a work that was published at least four years before the Document itself, or if the original publisher of the version it refers to gives permission.

   11. In any section entitled "Acknowledgments" or "Dedications", preserve the section's title, and preserve in the section all the substance and tone of each of the contributor acknowledgments and/or dedications given therein.

   12. Preserve all the Invariant Sections of the Document, unaltered in their text and in their titles. Section numbers or the equivalent are not considered part of the section titles.

   13. Delete any section entitled "Endorsements". Such a section may not be included in the Modified Version.

   14. Do not retitle any existing section as "Endorsements" or to conflict in title with any Invariant Section.

   If the Modified Version includes new front-matter sections or appendices that qualify as Secondary Sections and contain no material copied from the Document, you may at your option designate some or all of these sections as invariant. To do this, add their titles to the list of Invariant Sections in the Modified Version's license notice. These titles must be distinct from any other section titles.

   You may add a section entitled "Endorsements", provided it contains nothing but endorsements of your Modified Version by various parties--for example, statements of peer review or that the text has been approved by an organization as the authoritative definition of a standard.

   You may add a passage of up to five words as a Front-Cover Text, and a passage of up to 25 words as a Back-Cover Text, to the end of the list of Cover Texts in the Modified Version. Only one passage of Front-Cover Text and one of Back-Cover Text may be added by (or through arrangements made by) any one entity. If the Document already includes a cover text for the same cover, previously added by you or by arrangement made by the same entity you are acting on behalf of, you may not add another; but you may replace the old one, on explicit permission from the previous publisher that added the old one.

   The author(s) and publisher(s) of the Document do not by this License give permission to use their names for publicity for or to assert or imply endorsement of any Modified Version.

6. COMBINING DOCUMENTS

   You may combine the Document with other documents released under this License, under the terms defined in section 4 above for modified versions, provided that you include in the combination all of the Invariant Sections of all of the original documents, unmodified, and list them all as Invariant Sections of your combined work in its license notice.

   The combined work need only contain one copy of this License, and multiple identical Invariant Sections may be replaced with a single copy. If there are multiple Invariant Sections with the same name but different contents, make the title of each such section unique by adding at the end of it, in parentheses, the name of the original author or publisher of that section if known, or else a unique number. Make the same adjustment to the section titles in the list of Invariant Sections in the license notice of the combined work.

   In the combination, you must combine any sections entitled "History" in the various original documents, forming one section entitled "History"; likewise combine any sections entitled "Acknowledgments", and any sections entitled "Dedications". You must delete all sections entitled "Endorsements."

7. COLLECTIONS OF DOCUMENTS

   You may make a collection consisting of the Document and other documents released under this License, and replace the individual copies of this License in the various documents with a single copy that is included in the collection, provided that you follow the rules of this License for verbatim copying of each of the documents in all other respects.

   You may extract a single document from such a collection, and distribute it individually under this License, provided you insert a copy of this License into the extracted document, and follow this License in all other respects regarding verbatim copying of that document.

8. AGGREGATION WITH INDEPENDENT WORKS

   A compilation of the Document or its derivatives with other separate and independent documents or works, in or on a volume of a storage or distribution medium, does not as a whole count as a Modified Version of the Document, provided no compilation copyright is claimed for the compilation. Such a compilation is called an "aggregate", and this License does not apply to the other self-contained works thus compiled with the Document, on account of their being thus compiled, if they are not themselves derivative works of the Document.

   If the Cover Text requirement of section 3 is applicable to these copies of the Document, then if the Document is less than one quarter of the entire aggregate, the Document's Cover Texts may be placed on covers that surround only the Document within the aggregate. Otherwise they must appear on covers around the whole aggregate.

9. TRANSLATION

   Translation is considered a kind of modification, so you may distribute translations of the Document under the terms of section 4. Replacing Invariant Sections with translations requires special permission from their copyright holders, but you may include translations of some or all Invariant Sections in addition to the original versions of these Invariant Sections. You may include a translation of this License provided that you also include the original English version of this License. In case of a disagreement between the translation and the original English version of this License, the original English version will prevail.

10. TERMINATION

    You may not copy, modify, sublicense, or distribute the Document except as expressly provided for under this License. Any other attempt to copy, modify, sublicense or distribute the Document is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

11. FUTURE REVISIONS OF THIS LICENSE

    The Free Software Foundation may publish new, revised versions of the GNU Free Documentation License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. See http://www.gnu.org/copyleft/.

    Each version of the License is given a distinguishing version number. If the Document specifies that a particular numbered version of this License "or any later version" applies to it, you have the option of following the terms and conditions either of that specified version or of any later version that has been published (not as a draft) by the Free Software Foundation. If the Document does not specify a version number of this License, you may choose any version ever published (not as a draft) by the Free Software Foundation.

ADDENDUM: How to use this License for your documents

To use this License in a document you have written, include a copy of the License in the document and put the following copyright and license notices just after the title page:

Copyright (C) year your name. Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with the Invariant Sections being list their titles, with the Front-Cover Texts being list, and with the Back-Cover Texts being list. A copy of the license is included in the section entitled ``GNU Free Documentation License''.

If you have no Invariant Sections, write "with no Invariant Sections" instead of saying which ones are invariant. If you have no Front-Cover Texts, write "no Front-Cover Texts" instead of "Front-Cover Texts being list"; likewise for Back-Cover Texts.

If your document contains nontrivial examples of program code, we recommend releasing these examples in parallel under your choice of free software license, such as the GNU General Public License, to permit their use in free software.

Table of Contents

1. Introduction
2. The SSL Context Class

2.1 Initializing SSLContext
2.2 Trust Managers

2.2.1 X.509 Certificates
2.2.2 Secure Remote Password

2.3 Key Managers

2.3.1 From Key Stores
2.3.2 From Files

3. Persistent Sessions

3.1 JDBC Session Contexts
3.2 XML Session Contexts

4. Properties
Copying Jessie
GNU General Public License
GNU Free Documentation License

Short Table of Contents

1. Introduction
2. The SSL Context Class
3. Persistent Sessions
4. Properties
Copying Jessie
GNU General Public License
GNU Free Documentation License

About this document

• 1. Section One
• 1.1 Subsection One-One
• ...
• 1.2 Subsection One-Two
• 1.2.1 Subsubsection One-Two-One
• 1.2.2 Subsubsection One-Two-Two
• 1.2.3 Subsubsection One-Two-Three     <== Current Position
• 1.2.4 Subsubsection One-Two-Four
• 1.3 Subsection One-Three
• ...
• 1.4 Subsection One-Four